diff --git a/src/Composer/Downloader/GitDownloader.php b/src/Composer/Downloader/GitDownloader.php
index de85446b2..55c80dba6 100644
--- a/src/Composer/Downloader/GitDownloader.php
+++ b/src/Composer/Downloader/GitDownloader.php
@@ -14,6 +14,7 @@ namespace Composer\Downloader;
 
 use Composer\Package\PackageInterface;
 use Composer\Util\GitHub;
+use Composer\Util\Git as GitUtil;
 
 /**
  * @author Jordi Boggiano <j.boggiano@seld.be>
@@ -433,12 +434,8 @@ class GitDownloader extends VcsDownloader
 
     protected function cleanEnv()
     {
-        // clean up rogue git env vars in case this is running in a git hook
-        putenv('GIT_DIR');
-        putenv('GIT_WORK_TREE');
-
-        // added in git 1.7.1, prevents prompting the user for username/password
-        putenv('GIT_ASKPASS=echo');
+        $util = new GitUtil;
+        $util->cleanEnv();
     }
 
     protected function normalizePath($path)
diff --git a/src/Composer/Repository/Vcs/GitDriver.php b/src/Composer/Repository/Vcs/GitDriver.php
index 5c3095dce..b6459ce2e 100644
--- a/src/Composer/Repository/Vcs/GitDriver.php
+++ b/src/Composer/Repository/Vcs/GitDriver.php
@@ -15,6 +15,7 @@ namespace Composer\Repository\Vcs;
 use Composer\Json\JsonFile;
 use Composer\Util\ProcessExecutor;
 use Composer\Util\Filesystem;
+use Composer\Util\Git as GitUtil;
 use Composer\IO\IOInterface;
 
 /**
@@ -38,12 +39,8 @@ class GitDriver extends VcsDriver
         } else {
             $this->repoDir = $this->config->get('cache-vcs-dir') . '/' . preg_replace('{[^a-z0-9.]}i', '-', $this->url) . '/';
 
-            // clean up rogue git env vars in case this is running in a git hook
-            putenv('GIT_DIR');
-            putenv('GIT_WORK_TREE');
-
-            // added in git 1.7.1, prevents prompting the user for username/password
-            putenv('GIT_ASKPASS=echo');
+            $util = new GitUtil;
+            $util->cleanEnv();
 
             $fs = new Filesystem();
             $fs->ensureDirectoryExists(dirname($this->repoDir));
diff --git a/src/Composer/Util/Git.php b/src/Composer/Util/Git.php
new file mode 100644
index 000000000..cad774d94
--- /dev/null
+++ b/src/Composer/Util/Git.php
@@ -0,0 +1,39 @@
+<?php
+
+/*
+ * This file is part of Composer.
+ *
+ * (c) Nils Adermann <naderman@naderman.de>
+ *     Jordi Boggiano <j.boggiano@seld.be>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Composer\Util;
+
+use Composer\IO\IOInterface;
+
+/**
+ * @author Jordi Boggiano <j.boggiano@seld.be>
+ */
+class Git
+{
+    public function cleanEnv()
+    {
+        if (ini_get('safe_mode') && false === strpos(ini_get('safe_mode_allowed_env_vars', 'GIT_ASKPASS'))) {
+            throw new \RuntimeException('safe_mode is enabled and safe_mode_allowed_env_vars does not contain GIT_ASKPASS, can not set env var. You can disable safe_mode with "-dsafe_mode=0" when running composer');
+        }
+
+        // added in git 1.7.1, prevents prompting the user for username/password
+        putenv('GIT_ASKPASS=echo');
+
+        // clean up rogue git env vars in case this is running in a git hook
+        if (getenv('GIT_DIR')) {
+            putenv('GIT_DIR');
+        }
+        if (getenv('GIT_WORK_TREE')) {
+            putenv('GIT_WORK_TREE');
+        }
+    }
+}